CN103944724A - User identity identification card - Google Patents

Info

Publication number: CN103944724A
Authority: CN (China)
Prior art keywords: module, information, identification card, subscriber identification, random factor
Legal status: Granted
Application number: CN201410156521.6A
Other languages: Chinese (zh)
Other versions: CN103944724B (en)
Inventor: 李东声
Current Assignee: Tendyron Technology Co Ltd
Original Assignee: Tendyron Technology Co Ltd
Application filed by Tendyron Technology Co Ltd
Priority to CN201410156521.6A (CN103944724B)
Publication of CN103944724A
Priority to HK15100231.2A (HK1199984A1)
Priority to PCT/CN2015/070906 (WO2015158172A1)
Application granted; publication of CN103944724B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Abstract

The invention provides a user identity identification card comprising a communication module, a security authentication module, a permission control module, a security protection module, a secure storage module, a public key algorithm module, a symmetric algorithm module, a random number module, a hash module and a processing module. The communication module receives and outputs information. The security authentication module performs security authentication on user identity information and user operation information. The permission control module controls the processing module's permission to call the other modules. The security protection module applies protection operations at least to the operation of the public key algorithm module, the symmetric algorithm module, the random number module and/or the hash module. The secure storage module stores at least a private key used for signature calculation and a negotiated key used for encryption/decryption and/or verification calculations. The public key algorithm module performs signature calculation. The symmetric algorithm module performs encryption/decryption and/or verification calculations. The random number module generates random factors. The hash module performs hash calculation. The processing module calls all of the modules. With this user identity identification card, data can be transmitted securely.

Description

A subscriber identification card
Technical field
The present invention relates to the field of electronic technology, and in particular to a subscriber identification card.
Background technology
With the great convenience brought by the rapid development of networks, people increasingly rely on networks for all kinds of activities; network file transfer and online banking transactions, for example, have gradually become an indispensable part of daily life and work. Because a network is, after all, a virtual environment with many insecurity factors, and network activities necessarily involve data interaction, activities such as online banking and the transmission of confidential information place very high demands on network security. People have therefore begun to vigorously develop network information security technology.
However, with the rapid development of mobile phone technology, mobile phone terminals are increasingly used in place of computers, yet there is currently no solution that lets a mobile phone terminal securely carry out online banking and/or confidential information transmission, and the subscriber identification cards used in mobile phones today provide only data transmission functions and no further security functions.
Summary of the invention
The present invention aims to solve one of the above problems.
The main purpose of the present invention is to provide a subscriber identification card.
To achieve the above purpose, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides a subscriber identification card comprising: a processing module, a communication module, a security authentication module, a permission control module, a security protection module, a secure storage module, a public key algorithm module, a symmetric algorithm module, a random number module and a hash module;
the communication module is configured to receive and output information;
the security authentication module is configured to perform security authentication on user identity information and user operation information;
the permission control module is configured to control the processing module's permission to call each module;
the security protection module is configured to apply protection operations at least to the operation of the public key algorithm module, the symmetric algorithm module, the random number module and/or the hash module;
the secure storage module is configured to store at least the private key used for signature calculation and the negotiated key used for encryption/decryption and/or verification calculations;
the public key algorithm module is configured to perform signature calculation;
the symmetric algorithm module is configured to perform encryption/decryption and/or verification calculations;
the random number module is configured to generate random factors;
the hash module is configured to perform hash calculation;
the processing module is configured to call the information reception and output of the communication module, the authentication result produced by the security authentication module, the protection operation of the security protection module, the information stored in the secure storage module, the calculation of the public key algorithm module, the calculation of the symmetric algorithm module, the random factor generated by the random number module and the hash calculation of the hash module, and to call each module according to the permissions of the permission control module.
In addition,
the communication module is further configured to receive first authentication information and pending information, and to output second authentication information, second ciphertext information and process information, wherein the first authentication information comprises at least: first ciphertext information, ciphertext signature information and a certificate to be authenticated; the first ciphertext information comprises at least a first random factor and a second random factor; the ciphertext signature information is a signature over the first ciphertext information; the second authentication information comprises at least: the first random factor and the certificate of the subscriber identification card; and the second ciphertext information comprises at least the second random factor and a third random factor;
the secure storage module is further configured to store the private key of the subscriber identification card, the certificate of the subscriber identification card, and the public key of the certificate to be authenticated;
the public key algorithm module performs the signature verification calculation on the ciphertext signature information, and performs the authentication calculation on the certificate to be authenticated using the public key of the certificate to be authenticated;
the symmetric algorithm module is further configured to decrypt the first ciphertext information, and to encrypt at least the second random factor and the third random factor to obtain the second ciphertext information;
the random number module is further configured to generate the first random factor and the third random factor;
the processing module is further configured to: call the public key algorithm module to authenticate the certificate to be authenticated; after that authentication passes, call the public key algorithm module to verify the ciphertext signature information; after the signature verification passes, call the symmetric algorithm module to decrypt the first ciphertext information and obtain the second random factor; call the third random factor generated by the random number module; and call the symmetric algorithm module to encrypt the second random factor and the third random factor to obtain the second ciphertext information.
In addition,
the communication module is further configured to receive first check information and pending information, and to output second check information and process information; wherein the first check information is calculated from a first random factor, and the second check information is calculated from a second random factor;
the secure storage module is further configured to store the private key of the subscriber identification card, and a first key and a second key used for verification;
the symmetric algorithm module is further configured to perform a verification calculation on the first check information using the first key, and to perform a verification calculation on the second random factor using the second key to obtain the second check information;
the random number module is further configured to generate at least the second random factor;
the processing module is further configured to call the first key stored in the secure storage module and the symmetric algorithm module to verify the first check information and, after the verification passes, to call the second random factor generated by the random number module, and to call the symmetric algorithm module to perform the verification calculation on the second random factor to obtain the second check information.
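The check-information exchange described above, shown in Go as an added example that is not code from the patent. It assumes the verification calculation is HMAC-SHA256, that each random factor travels alongside its check information, and that the negotiated key is derived from both random factors; `Card`, `Peer`, `check` and `negotiate` are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// check is the "verification calculation". Assumption: HMAC-SHA256,
// since the text names no algorithm.
func check(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// randomFactor stands in for the random number module (16 random bytes).
func randomFactor() []byte {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// negotiate derives a negotiated key from both sides' random factors.
// Assumption: this derivation is hypothetical; the text does not give one.
func negotiate(k1, k2, r1, r2 []byte) []byte {
	key := append(append([]byte{}, k1...), k2...)
	msg := append(append([]byte("negotiated-key"), r1...), r2...)
	return check(key, msg)
}

// Card keeps the first and second keys in its secure storage module.
type Card struct{ k1, k2 []byte }

// Respond verifies the first check information with the first key and only
// then generates the second random factor and the second check information.
func (c *Card) Respond(r1, firstCheck []byte) (r2, secondCheck, key []byte, err error) {
	if len(r1) != 16 || !hmac.Equal(check(c.k1, r1), firstCheck) {
		return nil, nil, nil, errors.New("first check information rejected")
	}
	r2 = randomFactor()
	return r2, check(c.k2, r2), negotiate(c.k1, c.k2, r1, r2), nil
}

// Peer is the other side of the exchange (the sender of the first check information).
type Peer struct{ k1, k2, r1 []byte }

// Challenge produces the first random factor and the first check information.
func (p *Peer) Challenge() (r1, firstCheck []byte) {
	p.r1 = randomFactor()
	return p.r1, check(p.k1, p.r1)
}

// Finish verifies the second check information with the second key.
func (p *Peer) Finish(r2, secondCheck []byte) ([]byte, error) {
	if len(r2) != 16 || !hmac.Equal(check(p.k2, r2), secondCheck) {
		return nil, errors.New("second check information rejected")
	}
	return negotiate(p.k1, p.k2, p.r1, r2), nil
}

func main() {
	k1, k2 := randomFactor(), randomFactor() // constructed sample keys
	card, peer := &Card{k1, k2}, &Peer{k1: k1, k2: k2}
	r1, c1 := peer.Challenge()
	r2, c2, cardKey, err := card.Respond(r1, c1)
	if err != nil {
		panic(err)
	}
	peerKey, err := peer.Finish(r2, c2)
	if err != nil {
		panic(err)
	}
	fmt.Println("negotiated keys match:", hmac.Equal(cardKey, peerKey))
}
```

Because the card draws a fresh second random factor for every response, a replayed first message still verifies but never reproduces an earlier negotiated key.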
In addition,
the communication module is further configured to receive first ciphertext information and pending information, and to output second ciphertext information and process information; wherein the first ciphertext information is obtained by encrypting a first random factor with the public key of the subscriber identification card, and the second ciphertext information is obtained by encrypting a second random factor with the public key of the module to be interacted with;
the secure storage module is further configured to store the private key of the subscriber identification card and a public key calculation algorithm for generating the public key of the module to be interacted with;
the public key algorithm module is further configured to generate the public key of the module to be interacted with according to the public key calculation algorithm and the identification information of the module to be interacted with;
the symmetric algorithm module is further configured to decrypt the first ciphertext information with the private key of the subscriber identification card, and to encrypt the second random factor with the public key of the module to be interacted with;
the random number module is further configured to generate at least the second random factor;
the processing module is further configured to call the symmetric algorithm module to decrypt the first ciphertext information with the private key of the subscriber identification card and obtain the first random factor; to call the public key calculation algorithm stored in the secure storage module and the public key algorithm module to generate the public key of the module to be interacted with; to call the second random factor generated by the random number module; and to call the symmetric algorithm module to encrypt the second random factor with the public key of the module to be interacted with to obtain the second ciphertext information.
In addition,
the process information comprises: encrypted information obtained by the symmetric algorithm module encrypting signature information according to the negotiated key, wherein the signature information is obtained by the public key algorithm module performing a signature calculation on the pending information with the private key of the subscriber identification card; or
the process information comprises: check information obtained by the symmetric algorithm module performing a verification calculation on signature information according to the negotiated key, together with the signature information, wherein the signature information is obtained by the public key algorithm module performing a signature calculation on the pending information with the private key of the subscriber identification card; or
the process information comprises: encrypted information obtained by the symmetric algorithm module encrypting signature information according to the negotiated key, and check information obtained by performing a verification calculation on the signature information, wherein the signature information is obtained by the public key algorithm module performing a signature calculation on the pending information with the private key of the subscriber identification card; or
the process information comprises: encrypted information obtained by the symmetric algorithm module encrypting signature information according to the negotiated key, and check information obtained by performing a verification calculation on the encrypted information, wherein the signature information is obtained by the public key algorithm module performing a signature calculation on the pending information with the private key of the subscriber identification card.
In addition, when the public key algorithm module performs the signature calculation on the pending information with the private key of the subscriber identification card, the processing module also calls the hash calculation of the hash module to obtain the signature information.
In addition, the symmetric algorithm module is also configured to perform decryption and/or verification calculations on the pending information.
In addition, the communication module comprises: a serial port, a USB interface, an NFC interface, a Bluetooth interface, an infrared interface, a button or an audio interface.
In addition, the protection operation comprises: frequency scrambling, power consumption scrambling, calculation scrambling or balanced calculation.
In addition, the permission control module is also configured to control the execution of code and/or applications.
As can be seen from the technical solution provided above, the subscriber identification card with security functions of the present invention can transmit data securely.
Furthermore, the subscriber identification card of the present invention can be used together with the security module of a mobile phone so that the mobile phone can securely carry out online banking and/or confidential information transmission.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of the subscriber identification card provided by the present invention.
Embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that orientations or positional relationships indicated by terms such as "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to describe the present invention conveniently and to simplify the description, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be understood as limiting the present invention. In addition, the terms "first" and "second" are used for description only and cannot be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "mounted", "connected" and "coupled" are to be understood broadly: for example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary, or it may be an internal connection between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
The embodiments of the present invention are described in further detail below with reference to the drawings.
The subscriber identification card of the present invention may be any of the following cards: a SIM (Subscriber Identity Module) card, a UIM (User Identity Module) card, a USIM card, a PIM card, and so on. Each of these cards adds security functions on top of its existing functions, so that together with a mobile phone it enables the phone to securely carry out online banking and/or confidential information transmission.
In addition, the subscriber identification card of the present invention needs to be used with a mobile phone that has security functions, to ensure that such a phone can, together with the subscriber identification card of the present invention, complete online banking and/or confidential information transmission.
Fig. 1 shows a schematic structural diagram of the subscriber identification card of Embodiment 1 of the present invention. Referring to Fig. 1, the subscriber identification card of Embodiment 1 comprises: a communication module 101, a security authentication module 102, a permission control module 103, a security protection module 104, a secure storage module 105, a public key algorithm module 106, a symmetric algorithm module 107, a random number module 108, a hash module 109 and a processing module 110; wherein:
The communication module 101 is configured to receive and output information. Specifically, the communication module 101 can be called by the processing module 110 to receive information sent by the security module of the security-capable mobile phone used with the subscriber identification card, and can also output the various information generated by the subscriber identification card to the security module of the mobile phone. The communication module 101 may be any interface such as a serial port, USB interface, NFC interface, Bluetooth interface, infrared interface, button or audio interface.
The security authentication module 102 is configured to perform security authentication on user identity information and user operation information. Specifically, the security authentication module 102 can be called by the processing module 110 to authenticate identity information that the user enters through the mobile phone or by other means, and can also authenticate the user's operation information, for example a read operation. The security authentication module 102 can set different security levels for different users, so that security authentication is completed according to each user's identity and/or operation.
The permission control module 103 is configured to control the processing module 110's permission to call each module. Specifically, the permission control module 103 can be called by the processing module 110 and cooperates with it in calling the other modules, thereby controlling the calls made by the processing module 110. The permission control module 103 can of course also control the execution permissions of code and/or applications, to ensure the security of information, functions and applications.
The security protection module 104 is configured to apply protection operations at least to the operation of the public key algorithm module 106, the symmetric algorithm module 107, the random number module 108 and/or the hash module 109. Specifically, when the public key algorithm module 106 performs a signature calculation, and when the symmetric algorithm module 107 performs encryption/decryption and/or verification calculations, the calculation is protected through a call from the processing module 110. This resists analysis attacks such as power analysis or electromagnetic analysis and makes the calculation harder to break, improving the security of the calculations on the various information. The protection operation may include any scrambling operation such as frequency scrambling, power consumption scrambling or calculation scrambling; it may also be an operation such as balanced calculation. Any operation that achieves the security protection purpose and prevents attacks falls within the protection scope of the present invention. The security protection module 104 applies protection operations at least to the calculation operations of the public key algorithm module 106 and/or the symmetric algorithm module 107.
The secure storage module 105 is configured to store at least the private key used for signature calculation and the negotiated key used for encryption/decryption and/or verification calculations. Specifically, the secure storage module 105 can store at least security-related information such as security keys and negotiated keys, and can be called by the processing module 110 so as to cooperate with the other modules in completing the security functions of the subscriber identification card. The private key used for signature calculation cannot be exported at all, which improves the security of private key storage.
The public key algorithm module 106 is configured to perform signature calculation. Specifically, when called by the processing module 110, the public key algorithm module 106 performs the signature calculation with the signing private key stored in the secure storage module 105 (in the present invention this may be the private key of the subscriber identification card), thereby realizing the security function of the subscriber identification card.
The symmetric algorithm module 107 is configured to perform encryption/decryption and/or verification calculations. Specifically, in the present invention the processing module 110 can call the symmetric algorithm module 107 to perform encryption/decryption and/or verification calculations on the information that the subscriber identification card outputs to the security module of the mobile phone and on the information that the security module of the mobile phone sends to the subscriber identification card, thereby ensuring that information transmitted between the security module of the mobile phone and the subscriber identification card is not tampered with, and improving security.
The random number module 108 is configured to generate random factors. Specifically, the processing module 110 can call the random factor generated by the random number module 108, so that the random factor can be sent to the security module of the mobile phone while the random factor sent by the security module of the mobile phone is received. The processing module 110 can then generate, from the random factor of one side or of both sides, the negotiated key used for information interaction between the security module of the mobile phone and the subscriber identification card, improving the security of that interaction. In addition, a random factor can be added to each communication to prevent replay attacks.
The hash module 109 is configured to perform hash calculation. Specifically, the hash module 109 can be called by the processing module 110: when the processing module 110 calls the public key algorithm module 106 to sign information with the private key of the subscriber identification card, the hash module 109 cooperates by performing the hash calculation used to obtain the signature information, completing the security function of the subscriber identification card.
The processing module 110 is configured to call the information reception and output of the communication module 101, the authentication result produced by the security authentication module 102, the protection operation of the security protection module 104, the information stored in the secure storage module 105, the calculation of the public key algorithm module 106, the calculation of the symmetric algorithm module 107, the random factor generated by the random number module 108 and the hash calculation of the hash module 109, and to call each module according to the permissions of the permission control module 103. Specifically, the processing module 110 can call each of the above modules and cooperate with them to complete the security functions of the subscriber identification card.
Thus, the subscriber identification card with security functions of the present invention can transmit data securely.
Furthermore, the subscriber identification card of the present invention can be used together with the security module of a mobile phone so that the mobile phone can securely carry out online banking and/or confidential information transmission.
Embodiment 1
In this embodiment, the structure of the subscriber identification card is as shown in Fig. 1. The subscriber identification card and the security module of the mobile phone generate a negotiated key by mutually authenticating certificates, so that the subscriber identification card and the security module of the mobile phone use the generated negotiated key to transmit information securely. Wherein:
The communication module 101 is specifically configured to receive first authentication information and pending information, and to output second authentication information, second ciphertext information and process information, wherein the first authentication information comprises at least: first ciphertext information, ciphertext signature information and a certificate to be authenticated; the first ciphertext information comprises at least a first random factor and a second random factor; the ciphertext signature information is a signature over the first ciphertext information; the second authentication information comprises at least: the first random factor and the certificate of the subscriber identification card; and the second ciphertext information comprises at least the second random factor and a third random factor;
Specifically, the communication module 101 is called by the processing module 110 to receive the first authentication information and the pending information, and to output the second authentication information, the second ciphertext information and the process information. Wherein:
The first authentication information is the authentication information that the security module of the mobile phone sends to the subscriber identification card, used to authenticate the legitimacy of the security module of the mobile phone. The pending information is information that the security module of the mobile phone sends to the subscriber identification card; it may be confidential information that needs secure transmission, or any information such as the transaction information of a pending online banking transaction. If the present invention is applied to the secure transmission of confidential information, this information may be confidential information that the mobile phone needs to output, for example confidential information that the mobile phone obtains from its secure storage area. If the present invention is applied to online banking, this information may be the transaction information of the pending transaction, for example the transaction account, transaction amount and other transaction information that the mobile phone obtains through the online banking client.
The second authentication information is the authentication information that the subscriber identification card sends to the security module of the mobile phone, used by the security module of the mobile phone to authenticate the legitimacy of the subscriber identification card. The first ciphertext information can carry some of the factors, generated by the security module of the mobile phone, that are used to generate the negotiated key negotiated between the subscriber identification card and the security module of the mobile phone. The second ciphertext information can likewise carry some of the factors for generating that negotiated key, generated by the subscriber identification card and/or generated by the security module of the mobile phone and sent to the subscriber identification card;
The process information is the information that the subscriber identification card sends to the security module of the mobile phone in response to the pending information. If the present invention is applied to the secure transmission of confidential information, the process information may be the signed confidential information; if the present invention is applied to online banking, the process information may be the signed transaction information.
The process information may of course also comprise: encrypted information obtained by the symmetric algorithm module 107 encrypting signature information according to the negotiated key, wherein the signature information is obtained by the public key algorithm module 106 performing a signature calculation on the pending information with the private key of the subscriber identification card; or
The process information comprises: check information obtained by the symmetric algorithm module 107 performing a verification calculation on signature information according to the negotiated key, together with the signature information, wherein the signature information is obtained by the public key algorithm module 106 performing a signature calculation on the pending information with the private key of the subscriber identification card; or
The process information comprises: encrypted information obtained by the symmetric algorithm module 107 encrypting signature information according to the negotiated key, and check information obtained by performing a verification calculation on the signature information, wherein the signature information is obtained by the public key algorithm module 106 performing a signature calculation on the pending information with the private key of the subscriber identification card; or
The process information comprises: encrypted information obtained by the symmetric algorithm module 107 encrypting signature information according to the negotiated key, and check information obtained by performing a verification calculation on the encrypted information, wherein the signature information is obtained by the public key algorithm module 106 performing a signature calculation on the pending information with the private key of the subscriber identification card.
Thus, subscriber identification card can also ensure the fail safe of signing messages transmission in transmission process information.
This communication module 101 can be the interface arbitrarily such as serial ports, USB interface, NFC interface, blue tooth interface, infrared interface, button or audio interface.
Security authentication module 102 is used to perform security authentication on user identity information and user operation information. Specifically, security authentication module 102 can be called by processing module 110 to perform security authentication on identity information that the user enters through the mobile phone or by other means, and can also perform security authentication on the user's operation information, for example a read operation. Security authentication module 102 can set different security levels for different users, so as to complete the security authentication function according to the identity and/or operation of each user.
Control of authority module 103 is used to perform authority control over the calls that processing module 110 makes to each module. Specifically, control of authority module 103 can be called by processing module 110 and cooperates with processing module 110 to complete its calls to each module, thereby controlling the calls of processing module 110. Of course, control of authority module 103 can also control the execution authority of code and/or application programs, to ensure the security of information, functions and applications.
Safety protection module 104 is used to perform a protection operation at least on the operation of public key algorithm module 106, symmetry algorithm module 107, random number module 108 and/or hash module 109. Specifically, when public key algorithm module 106 performs a signature calculation, and when symmetry algorithm module 107 performs an encryption/decryption calculation and/or a check calculation, safety protection module 104 is called by processing module 110 to protect the calculation. This resists analysis attacks such as power analysis or electromagnetic analysis and makes the calculation harder to crack, thereby improving the security of the various calculations. The protection operation can comprise any scrambling operation such as frequency scrambling, power-consumption scrambling or calculation scrambling; it can also be an operation such as balanced calculation. Any operation that achieves the security protection purpose and prevents attacks falls within the protection scope of the present invention. Safety protection module 104 performs the protection operation at least on the calculation operations of public key algorithm module 106 and/or symmetry algorithm module 107.
Secure storage module 105 is also used to store the private key of the subscriber identification card, the certificate of the subscriber identification card, and the public key of the certificate to be authenticated.
Specifically, besides storing the private key used for signature calculation and the arranging key used for encryption/decryption calculation and/or check calculation, secure storage module 105 specifically stores the private key of the subscriber identification card, which processing module 110 calls to perform the signature operation in confidential information transmission and/or the signature operation of online banking; stores the certificate of the subscriber identification card, which processing module 110 calls so that the certificate can be sent to the security module of the mobile phone for authenticating the legitimacy of the subscriber identification card, improving security; and stores the public key of the certificate to be authenticated, which processing module 110 calls so that the subscriber identification card can authenticate the security module of the mobile phone, improving security. The certificate to be authenticated can be the certificate of the security module of the mobile phone.
Public key algorithm module 106 also performs the signature verification calculation on the cipher-text signature information using the public key of the certificate to be authenticated, and performs the authentication calculation on the certificate to be authenticated.
Specifically, besides performing signature calculation, public key algorithm module 106 is called by processing module 110 to perform the signature verification calculation, using the public key of the certificate to be authenticated, on the cipher-text signature information sent by the security module of the mobile phone, so as to verify the correctness of the cipher-text signature information; it is also called by processing module 110 to perform the authentication calculation on the certificate to be authenticated, so as to authenticate the legitimacy of the security module of the mobile phone.
Symmetry algorithm module 107 is also used to decrypt the first cipher-text information, and to encrypt at least the second random factor and the third random factor to obtain the second cipher-text information.
Specifically, symmetry algorithm module 107 is called by processing module 110 to decrypt the first cipher-text information and obtain a factor for generating the arranging key, and is also called by processing module 110 to encrypt the factors for generating the arranging key so that they are sent securely to the security module of the mobile phone. Of course, symmetry algorithm module 107 of the present embodiment can also be used to perform a decryption calculation and/or a check calculation on the pending information: after the security module of the mobile phone has performed an encryption calculation and/or a check calculation on the pending information, symmetry algorithm module 107 performs the decryption calculation and/or check calculation on the pending information in order to verify its integrity and authenticity. Symmetry algorithm module 107 of the present embodiment can also be called by processing module 110 to perform an encryption calculation and/or a check calculation on the process information, to ensure the authenticity and integrity of the process information.
Random number module 108 is also used to generate the first random factor and the third random factor.
Specifically, random number module 108 is called by processing module 110 to generate the first random factor, which prevents replay attacks, and to generate the third random factor, which is used to generate the arranging key.
Hash module 109 is used to perform hash calculation. Specifically, hash module 109 can be called by processing module 110: when processing module 110 calls public key algorithm module 106 to perform a signature calculation on information according to the private key of the subscriber identification card, hash module 109 cooperates by performing the hash calculation so that the signature information is obtained, completing the security function of the subscriber identification card.
Processing module 110 is also used, after calling public key algorithm module 106 to authenticate the certificate to be authenticated and the authentication passes, to call public key algorithm module 106 to perform the signature verification calculation on the cipher-text signature information; and, after the signature verification passes, to call symmetry algorithm module 107 to decrypt the first cipher-text information and obtain the second random factor, to call random number module 108 to generate the third random factor, and to call symmetry algorithm module 107 to encrypt the second random factor and the third random factor to obtain the second cipher-text information. Specifically, processing module 110 calls the above modules so that the certificate sent by the security module of the mobile phone is authenticated, the signature sent by the security module of the mobile phone is verified, and the cipher text sent by the security module of the mobile phone is decrypted to obtain one generation factor of the arranging key; it then has another generation factor of the arranging key generated, and the arranging key on the subscriber identification card side is generated jointly from the generation factor sent by the security module of the mobile phone and the generation factor generated by the subscriber identification card. Information interaction between the security module of the mobile phone and the subscriber identification card is then carried out with the arranging key, improving the security of the information interaction.
Thus, the subscriber identification card with the security functions of the present invention can transmit data securely.
Furthermore, the subscriber identification card of the present invention is used together with the security module of the mobile phone so that the mobile phone can securely execute online banking services and/or confidential information transmission.
Embodiment 2
In the present embodiment, the structure of the subscriber identification card is as shown in Figure 1. In the present embodiment, the subscriber identification card and the security module of the mobile phone generate the arranging key by using symmetric keys to perform check calculations on the factors for generating the arranging key, sending these to each other and verifying them, so that the subscriber identification card uses the generated arranging key to transmit information securely with the security module of the mobile phone. Wherein:
Communication module 101 is also used to receive the first check information and the pending information, and to output the second check information and the process information; the first check information is calculated from the first random factor, and the second check information is calculated from the second random factor.
Specifically, communication module 101 is called by processing module 110 to receive the first check information and the pending information, and to output the second check information and the process information. Wherein:
The first check information is obtained by the security module of the mobile phone performing a check calculation on the first random factor with the first key; the subscriber identification card obtains the first check information and, after verification passes, obtains the genuine, untampered first random factor. The first random factor can be generated by the security module of the mobile phone, or can be generated by the subscriber identification card and sent securely to the security module of the mobile phone. The pending information is the information that the security module of the mobile phone sends to the subscriber identification card; it can be confidential information that needs secure transmission, or any other information such as transaction information to be processed in online banking. If the present invention is applied to the secure transmission of confidential information, this information can be the confidential information that the mobile phone needs to output, for example confidential information that the mobile phone obtains from its secure storage area. If the present invention is applied to online banking services, this information can be the transaction information of a pending transaction, for example the transaction account, transaction amount and other transaction information that the mobile phone obtains through the online banking client.
The second check information is obtained by the subscriber identification card performing a check calculation on the second random factor with the second key, so that the security module of the mobile phone obtains the second check information and, after verification passes, obtains the genuine, untampered second random factor.
The subscriber identification card and the security module of the mobile phone each generate the arranging key of both sides from the first random factor and the second random factor they have obtained.
The process information is the information that the subscriber identification card sends to the security module of the mobile phone in response to the pending information. If the present invention is applied to the secure transmission of confidential information, the process information can be the signed confidential information or the like; if the present invention is applied to online banking services, the process information can be the signed transaction information or the like.
Of course, this process information can also comprise: encrypted information obtained by symmetry algorithm module 107 encrypting the signature information according to the arranging key, where the signature information is obtained by public key algorithm module 106 performing a signature calculation on the pending information according to the private key of the subscriber identification card; or
The process information comprises: the signature information, and check information obtained by symmetry algorithm module 107 performing a check calculation on the signature information according to the arranging key, where the signature information is obtained by public key algorithm module 106 performing a signature calculation on the pending information according to the private key of the subscriber identification card; or
The process information comprises: encrypted information obtained by symmetry algorithm module 107 encrypting the signature information according to the arranging key, and check information obtained by performing a check calculation on the signature information, where the signature information is obtained by public key algorithm module 106 performing a signature calculation on the pending information according to the private key of the subscriber identification card; or
The process information comprises: encrypted information obtained by symmetry algorithm module 107 encrypting the signature information according to the arranging key, and check information obtained by performing a check calculation on the encrypted information, where the signature information is obtained by public key algorithm module 106 performing a signature calculation on the pending information according to the private key of the subscriber identification card.
Thus, the subscriber identification card can also ensure the security of the signature information while transmitting the process information.
This communication module 101 can be any interface such as a serial port, a USB interface, an NFC interface, a Bluetooth interface, an infrared interface, a button or an audio interface.
Security authentication module 102 is used to perform security authentication on user identity information and user operation information. Specifically, security authentication module 102 can be called by processing module 110 to perform security authentication on identity information that the user enters through the mobile phone or by other means, and can also perform security authentication on the user's operation information, for example a read operation. Security authentication module 102 can set different security levels for different users, so as to complete the security authentication function according to the identity and/or operation of each user.
Control of authority module 103 is used to perform authority control over the calls that processing module 110 makes to each module. Specifically, control of authority module 103 can be called by processing module 110 and cooperates with processing module 110 to complete its calls to each module, thereby controlling the calls of processing module 110. Of course, control of authority module 103 can also control the execution authority of code and/or application programs, to ensure the security of information, functions and applications.
Safety protection module 104 is used to perform a protection operation at least on the operation of public key algorithm module 106, symmetry algorithm module 107, random number module 108 and/or hash module 109. Specifically, when public key algorithm module 106 performs a signature calculation, and when symmetry algorithm module 107 performs an encryption/decryption calculation and/or a check calculation, safety protection module 104 is called by processing module 110 to protect the calculation. This resists analysis attacks such as power analysis or electromagnetic analysis and makes the calculation harder to crack, thereby improving the security of the various calculations. The protection operation can comprise any scrambling operation such as frequency scrambling, power-consumption scrambling or calculation scrambling; it can also be an operation such as balanced calculation. Any operation that achieves the security protection purpose and prevents attacks falls within the protection scope of the present invention. Safety protection module 104 performs the protection operation at least on the calculation operations of public key algorithm module 106 and/or symmetry algorithm module 107.
Secure storage module 105 is also used to store the private key of the subscriber identification card and the first key and second key used for verification.
Specifically, besides storing the private key used for signature calculation and the arranging key used for encryption/decryption calculation and/or check calculation, secure storage module 105 specifically stores the private key of the subscriber identification card, which processing module 110 calls to perform the signature operation in confidential information transmission and/or the signature operation of online banking; and stores the first key and the second key used for verification, which processing module 110 calls in order to verify the first check information and obtain the genuine first random factor, and in order to perform the check calculation on the second random factor so that the security module of the mobile phone obtains the genuine second random factor, improving security. Of course, the first key and the second key can be the same key or different keys; as long as the subscriber identification card and the security module of the mobile phone both store the same check calculation keys, this falls within the protection scope of the present invention.
Public key algorithm module 106 is used to perform signature calculation. Specifically, when called by processing module 110, public key algorithm module 106 performs the signature calculation according to the private key for signature calculation stored in secure storage module 105 (in the present invention this can be the private key of the subscriber identification card), thereby realizing the security function of the subscriber identification card.
Symmetry algorithm module 107 is also used to perform a check calculation on the first check information with the first key, and to perform a check calculation on the second random factor with the second key to obtain the second check information.
Specifically, symmetry algorithm module 107 is called by processing module 110 to perform a check calculation on the first check information with the first key, so that processing module 110 obtains the genuine first random factor after the check passes. It is also called by processing module 110 to perform a check calculation on the second random factor with the second key to obtain the second check information, so that the second random factor is transmitted securely: either the second random factor is not tampered with in transit, or, if it is tampered with, the security module of the mobile phone can detect the tampering by verification, so that the security module of the mobile phone obtains the genuine, untampered second random factor. Of course, symmetry algorithm module 107 of the present embodiment can also be used to perform a decryption calculation and/or a check calculation on the pending information: after the security module of the mobile phone has performed an encryption calculation and/or a check calculation on the pending information, symmetry algorithm module 107 performs the decryption calculation and/or check calculation on the pending information in order to verify its integrity and authenticity. Symmetry algorithm module 107 of the present embodiment can also be called by processing module 110 to perform an encryption calculation and/or a check calculation on the process information, to ensure the authenticity and integrity of the process information.
Random number module 108 is also used to generate at least the second random factor.
Specifically, random number module 108 is called by processing module 110 to generate the second random factor used to generate the arranging key.
Hash module 109 is used to perform hash calculation. Specifically, hash module 109 can be called by processing module 110: when processing module 110 calls public key algorithm module 106 to perform a signature calculation on information according to the private key of the subscriber identification card, hash module 109 cooperates by performing the hash calculation so that the signature information is obtained, completing the security function of the subscriber identification card.
Processing module 110 is also used to call the first key stored in secure storage module 105 and symmetry algorithm module 107 to verify the first check information and, after the verification passes, to call random number module 108 to generate the second random factor and to call symmetry algorithm module 107 to perform a check calculation on the second random factor to obtain the second check information. Specifically, processing module 110 calls the above modules to verify the check information sent by the security module of the mobile phone, obtain the arranging-key generation factors and generate the arranging key on the subscriber identification card side, so that information interaction between the security module of the mobile phone and the subscriber identification card is carried out with the arranging key, improving the security of the information interaction.
Thus, the subscriber identification card with the security functions of the present invention can transmit data securely.
Furthermore, the subscriber identification card of the present invention is used together with the security module of the mobile phone so that the mobile phone can securely execute online banking services and/or confidential information transmission.
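
The Embodiment 2 exchange as an added Python example (not code from the patent): the security module of the mobile phone and the card swap random factors protected by check information and each derive the same arranging key. HMAC-SHA256 as the check calculation, the 16-byte factor length, the derivation that mixes the stored keys into the arranging key, and all function and class names are assumptions, since the patent names no algorithms.

```python
import hashlib
import hmac
import secrets

FACTOR_LEN = 16   # assumed random-factor length in bytes
TAG_LEN = 32      # HMAC-SHA256 tag length


def make_check_info(key: bytes, factor: bytes) -> bytes:
    """Check information as sent in this example: factor || HMAC(key, factor)."""
    return factor + hmac.new(key, factor, hashlib.sha256).digest()


def verify_check_info(key: bytes, check_info: bytes) -> bytes:
    """Return the random factor if its tag verifies, otherwise raise ValueError."""
    if len(check_info) != FACTOR_LEN + TAG_LEN:
        raise ValueError("malformed check information")
    factor, tag = check_info[:FACTOR_LEN], check_info[FACTOR_LEN:]
    expected = hmac.new(key, factor, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("check information failed verification")
    return factor


def derive_arranging_key(first_key: bytes, second_key: bytes,
                         r1: bytes, r2: bytes) -> bytes:
    """Assumed derivation. In this example the factors cross the link readable
    under a MAC, so the stored keys are mixed in to keep the result secret
    from anyone who only observes the two messages."""
    return hmac.new(first_key + second_key,
                    b"arranging-key" + r1 + r2, hashlib.sha256).digest()


class PhoneSecurityModule:
    """Security module of the mobile phone (hypothetical class name)."""

    def __init__(self, first_key: bytes, second_key: bytes):
        self.first_key, self.second_key = first_key, second_key
        self.r1 = b""

    def start(self) -> bytes:
        # Generate the first random factor and protect it with the first key.
        self.r1 = secrets.token_bytes(FACTOR_LEN)
        return make_check_info(self.first_key, self.r1)

    def finish(self, second_check_info: bytes) -> bytes:
        # Verify the card's reply, then derive the arranging key.
        r2 = verify_check_info(self.second_key, second_check_info)
        return derive_arranging_key(self.first_key, self.second_key, self.r1, r2)


class IdentificationCard:
    """Subscriber identification card side (hypothetical class name)."""

    def __init__(self, first_key: bytes, second_key: bytes):
        self.first_key, self.second_key = first_key, second_key

    def respond(self, first_check_info: bytes):
        # Verify first; a second random factor is generated only on success.
        r1 = verify_check_info(self.first_key, first_check_info)
        r2 = secrets.token_bytes(FACTOR_LEN)
        key = derive_arranging_key(self.first_key, self.second_key, r1, r2)
        return make_check_info(self.second_key, r2), key


def run_exchange(tamper_first: bool = False, tamper_second: bool = False):
    """Run one exchange with constructed keys; optionally flip one bit in transit."""
    first_key = secrets.token_bytes(32)    # constructed sample keys,
    second_key = secrets.token_bytes(32)   # provisioned on both sides
    phone = PhoneSecurityModule(first_key, second_key)
    card = IdentificationCard(first_key, second_key)

    msg1 = phone.start()
    if tamper_first:
        msg1 = bytes([msg1[0] ^ 0x01]) + msg1[1:]
    msg2, card_key = card.respond(msg1)
    if tamper_second:
        msg2 = msg2[:-1] + bytes([msg2[-1] ^ 0x01])
    phone_key = phone.finish(msg2)
    return card_key, phone_key


if __name__ == "__main__":
    card_key, phone_key = run_exchange()
    print("arranging keys match:", card_key == phone_key)
    for flag in ("tamper_first", "tamper_second"):
        try:
            run_exchange(**{flag: True})
        except ValueError as exc:
            print(flag, "->", exc)
```

A tampered first message stops the card before it generates its own factor, and a tampered second message stops the phone before it derives a key, which is the tamper detection the embodiment attributes to the check information.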
Embodiment 3
In the present embodiment, the structure of the subscriber identification card is as shown in Figure 1. In the present embodiment, each of the subscriber identification card and the security module of the mobile phone generates the other side's public key, sends the factor for generating the arranging key encrypted with the other side's public key, and decrypts what it receives to obtain the factor for generating the arranging key; the arranging key is generated in this way, so that the subscriber identification card uses the generated arranging key to transmit information securely with the security module of the mobile phone. Wherein:
Communication module 101 is also used to receive the first cipher-text information and the pending information, and to output the second cipher-text information and the process information; the first cipher-text information is obtained by encrypting the first random factor with the public key of the subscriber identification card, and the second cipher-text information is obtained by encrypting the second random factor with the public key of the module to be interacted with.
Specifically, communication module 101 is called by processing module 110 to receive the first cipher-text information and the pending information, and to output the second cipher-text information and the process information. Wherein:
The first cipher-text information is obtained by the security module of the mobile phone encrypting the first random factor with the public key of the subscriber identification card that it has generated; the subscriber identification card obtains the first encrypted information and decrypts it with the private key of the subscriber identification card to obtain the genuine first random factor. The first random factor can be generated by the security module of the mobile phone, or can be generated by the subscriber identification card and sent securely to the security module of the mobile phone. The pending information is the information that the security module of the mobile phone sends to the subscriber identification card; it can be confidential information that needs secure transmission, or any other information such as transaction information to be processed in online banking. If the present invention is applied to the secure transmission of confidential information, this information can be the confidential information that the mobile phone needs to output, for example confidential information that the mobile phone obtains from its secure storage area. If the present invention is applied to online banking services, this information can be the transaction information of a pending transaction, for example the transaction account, transaction amount and other transaction information that the mobile phone obtains through the online banking client.
The second cipher-text information is obtained by the subscriber identification card encrypting the second random factor with the public key of the module to be interacted with, which the subscriber identification card generates, so that the security module of the mobile phone obtains the genuine second random factor after obtaining and decrypting the second cipher-text information.
The subscriber identification card and the security module of the mobile phone each generate the arranging key of both sides from the first random factor and the second random factor they have obtained.
The process information is the information that the subscriber identification card sends to the security module of the mobile phone in response to the pending information. If the present invention is applied to the secure transmission of confidential information, the process information can be the signed confidential information or the like; if the present invention is applied to online banking services, the process information can be the signed transaction information or the like.
Of course, this process information can also comprise: encrypted information obtained by symmetry algorithm module 107 encrypting the signature information according to the arranging key, where the signature information is obtained by public key algorithm module 106 performing a signature calculation on the pending information according to the private key of the subscriber identification card; or
The process information comprises: the signature information, and check information obtained by symmetry algorithm module 107 performing a check calculation on the signature information according to the arranging key, where the signature information is obtained by public key algorithm module 106 performing a signature calculation on the pending information according to the private key of the subscriber identification card; or
The process information comprises: encrypted information obtained by symmetry algorithm module 107 encrypting the signature information according to the arranging key, and check information obtained by performing a check calculation on the signature information, where the signature information is obtained by public key algorithm module 106 performing a signature calculation on the pending information according to the private key of the subscriber identification card; or
The process information comprises: encrypted information obtained by symmetry algorithm module 107 encrypting the signature information according to the arranging key, and check information obtained by performing a check calculation on the encrypted information, where the signature information is obtained by public key algorithm module 106 performing a signature calculation on the pending information according to the private key of the subscriber identification card.
Thus, the subscriber identification card can also ensure the security of the signature information while transmitting the process information.
This communication module 101 can be any interface such as a serial port, a USB interface, an NFC interface, a Bluetooth interface, an infrared interface, a button or an audio interface.
Security authentication module 102 is used to perform security authentication on user identity information and user operation information. Specifically, security authentication module 102 can be called by processing module 110 to perform security authentication on identity information that the user enters through the mobile phone or by other means, and can also perform security authentication on the user's operation information, for example a read operation. Security authentication module 102 can set different security levels for different users, so as to complete the security authentication function according to the identity and/or operation of each user.
Control of authority module 103 is used to perform authority control over the calls that processing module 110 makes to each module. Specifically, control of authority module 103 can be called by processing module 110 and cooperates with processing module 110 to complete its calls to each module, thereby controlling the calls of processing module 110. Of course, control of authority module 103 can also control the execution authority of code and/or application programs, to ensure the security of information, functions and applications.
Safety protection module 104 is used to perform a protection operation at least on the operation of public key algorithm module 106, symmetry algorithm module 107, random number module 108 and/or hash module 109. Specifically, when public key algorithm module 106 performs a signature calculation, and when symmetry algorithm module 107 performs an encryption/decryption calculation and/or a check calculation, safety protection module 104 is called by processing module 110 to protect the calculation. This resists analysis attacks such as power analysis or electromagnetic analysis and makes the calculation harder to crack, thereby improving the security of the various calculations. The protection operation can comprise any scrambling operation such as frequency scrambling, power-consumption scrambling or calculation scrambling; it can also be an operation such as balanced calculation. Any operation that achieves the security protection purpose and prevents attacks falls within the protection scope of the present invention. Safety protection module 104 performs the protection operation at least on the calculation operations of public key algorithm module 106 and/or symmetry algorithm module 107.
Secure storage module 105 is also configured to store the private key of the subscriber identification card and the public key computation algorithm used to generate the public key of the module to be interacted with;
Specifically, in addition to storing the private key used for signature calculation and the arranging key used for encryption/decryption calculation and/or check calculation, secure storage module 105 stores the private key of the subscriber identification card, so that processing module 110 can call it for signature operations in confidential information transmission and/or signature operations in Internet banking, and so on; processing module 110 can also call it to decrypt information that the module to be interacted with has encrypted with the public key of the subscriber identification card. Secure storage module 105 also stores the public key computation algorithm for generating the public key of the module to be interacted with, so that processing module 110 can call it and, together with public key algorithm module 106, generate the public key of the module to be interacted with (that is, the public key of the security module of the mobile phone) from the identification information of the security module of the mobile phone. Information that needs to be sent to the security module of the mobile phone can then be encrypted with that public key, which secures the transmission.
Public key algorithm module 106 is also configured to generate the public key of the module to be interacted with according to the public key computation algorithm and the identification information of the module to be interacted with;
Specifically, in addition to performing signature calculation, public key algorithm module 106 can be called by processing module 110 to generate the public key of the module to be interacted with according to the public key computation algorithm and the identification information of the module to be interacted with (that is, the security module of the mobile phone). The identification information of the module to be interacted with may include, but is not limited to, the serial number of the mobile phone CPU, the MAC address of the mobile phone CPU, and the like.
Symmetry algorithm module 107 is also configured to decrypt the first cipher-text information with the private key of the subscriber identification card and to encrypt the second random factor with the public key of the module to be interacted with;
Specifically, symmetry algorithm module 107 can be called by processing module 110 to decrypt the first cipher-text information with the private key of the subscriber identification card and obtain a factor for generating the arranging key, and can also be called by processing module 110 to encrypt a factor for generating the arranging key with the public key of the module to be interacted with, so that the factor is sent securely to the security module of the mobile phone. Symmetry algorithm module 107 of the present embodiment can also perform decryption calculation and/or check calculation on the pending information: after the security module of the mobile phone has performed encryption calculation and/or check calculation on the pending information, symmetry algorithm module 107 decrypts and/or checks the pending information in order to verify its integrity and authenticity. Symmetry algorithm module 107 of the present embodiment can likewise be called by processing module 110 to perform encryption calculation and/or check calculation on the process information, to guarantee the authenticity and integrity of the process information.
Random number module 108 is also configured to generate at least the second random factor;
Specifically, random number module 108 generates the second random factor used to generate the arranging key, and can be called by processing module 110.
Hash module 109 is configured to perform hash calculation. Specifically, hash module 109 can be called by processing module 110: when processing module 110 calls public key algorithm module 106 to perform signature calculation on information with the private key of the subscriber identification card, hash module 109 performs the accompanying hash calculation to obtain the signature information, completing the security function of the subscriber identification card.
Processing module 110 is also configured to call symmetry algorithm module 107 to decrypt the first cipher-text information with the private key of the subscriber identification card and obtain the first random factor, to call the public key computation algorithm stored in secure storage module 105 and public key algorithm module 106 to generate the public key of the module to be interacted with, to call the second random factor generated by random number module 108, and to call symmetry algorithm module 107 to encrypt the second random factor with the public key of the module to be interacted with and obtain the second cipher-text information. Specifically, processing module 110 calls the above modules so that the encrypted information sent by the security module of the mobile phone is decrypted to obtain a generation factor of the arranging key, and so that the public key of the security module of the mobile phone is generated from the identification information of the security module of the mobile phone. The arranging-key generation factor produced at the subscriber identification card end can thus be transmitted securely to the security module of the mobile phone, while the subscriber identification card end generates its arranging key from the arranging-key generation factors. The security module of the mobile phone and the subscriber identification card then exchange information using the arranging key, which improves the security of the information exchange.
Thus, the subscriber identification card of the present invention, which has security functions, can transmit data securely.
Furthermore, the subscriber identification card of the present invention can be used together with the security module of the mobile phone so that the mobile phone securely performs Internet banking services and/or confidential information transmission.
Any process or method described in a flow chart or otherwise described herein can be understood as representing a module, fragment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods can be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they can be implemented by any one or a combination of the following technologies well known in the art: a discrete logic circuit with logic gates for implementing logic functions on data signals, an application-specific integrated circuit (ASIC) with suitable combinational logic gates, a programmable gate array (PGA), a field programmable gate array (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in each embodiment of the present invention can be integrated in one processing module, each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
In this specification, a description that refers to the terms "an embodiment", "some embodiments", "an example", "a concrete example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art can change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principles and purpose. The scope of the present invention is defined by the claims and their equivalents.

Claims (10)

1. A subscriber identification card, characterized by comprising: a processing module, a communication module, a security authentication module, a control of authority module, a safety protection module, a secure storage module, a public key algorithm module, a symmetry algorithm module, a random number module and a hash module;
the communication module is configured to receive and output information;
the security authentication module is configured to perform security authentication on user identity information and user operation information;
the control of authority module is configured to control the authority of the processing module to call each module;
the safety protection module is configured to perform a fence operation at least on the operation of the public key algorithm module, the symmetry algorithm module, the random number module and/or the hash module;
the secure storage module is configured to store at least the private key used for signature calculation and the arranging key used for encryption/decryption calculation and/or check calculation;
the public key algorithm module is configured to perform signature calculation;
the symmetry algorithm module is configured to perform encryption/decryption calculation and/or check calculation;
the random number module is configured to generate random factors;
the hash module is configured to perform hash calculation;
the processing module is configured to call the information reception and output of the communication module, the authentication result produced by the security authentication module, the fence operation of the safety protection module, the information stored by the secure storage module, the calculation of the public key algorithm module, the calculation of the symmetry algorithm module, the random factor generated by the random number module and the hash calculation of the hash module, and to call each module according to the authority of the control of authority module.
2. The subscriber identification card according to claim 1, characterized in that:
the communication module is also configured to receive first authentication information and pending information, and to output second authentication information, second cipher-text information and process information, wherein the first authentication information comprises at least first cipher-text information, cipher-text signature information and a certificate to be certified, the first cipher-text information comprises at least the first random factor and the second random factor, and the cipher-text signature information is a signature over the first cipher-text information; the second authentication information comprises at least the first random factor and the subscriber identification card certificate, and the second cipher-text information comprises at least the second random factor and the third random factor;
the secure storage module is also configured to store the private key of the subscriber identification card, the certificate of the subscriber identification card and the public key of the certificate to be certified;
the public key algorithm module performs the signature verification calculation on the cipher-text signature information and the authentication calculation on the certificate to be certified, using the public key of the certificate to be certified;
the symmetry algorithm module is also configured to decrypt the first cipher-text information, and to encrypt at least the second random factor and the third random factor to obtain the second cipher-text information;
the random number module is also configured to generate the first random factor and the third random factor;
the processing module is also configured to: after calling the public key algorithm module and the certificate to be certified passes authentication, call the public key algorithm module to perform the signature verification calculation on the cipher-text signature information; after the signature verification passes, call the symmetry algorithm module to decrypt the first cipher-text information and obtain the second random factor; call the third random factor generated by the random number module; and call the symmetry algorithm module to encrypt the second random factor and the third random factor to obtain the second cipher-text information.
3. The subscriber identification card according to claim 1, characterized in that:
the communication module is also configured to receive first check information and pending information, and to output second check information and process information, wherein the first check information is calculated from a first random factor and the second check information is calculated from a second random factor;
the secure storage module is also configured to store the private key of the subscriber identification card, and the first key and the second key used for checking;
the symmetry algorithm module is also configured to perform a check calculation on the first check information with the first key, and to perform a check calculation on the second random factor with the second key to obtain the second check information;
the random number module is also configured to generate at least the second random factor;
the processing module is also configured to call the first key stored by the secure storage module and the symmetry algorithm module to check the first check information and, after the check passes, to call the second random factor generated by the random number module and call the symmetry algorithm module to perform a check calculation on the second random factor to obtain the second check information.
4. The subscriber identification card according to claim 1, characterized in that:
the communication module is also configured to receive first cipher-text information and pending information, and to output second cipher-text information and process information, wherein the first cipher-text information is obtained by encrypting a first random factor with the public key of the subscriber identification card, and the second cipher-text information is obtained by encrypting a second random factor with the public key of the module to be interacted with;
the secure storage module is also configured to store the private key of the subscriber identification card and the public key computation algorithm used to generate the public key of the module to be interacted with;
the public key algorithm module is also configured to generate the public key of the module to be interacted with according to the public key computation algorithm and the identification information of the module to be interacted with;
the symmetry algorithm module is also configured to decrypt the first cipher-text information with the private key of the subscriber identification card, and to encrypt the second random factor with the public key of the module to be interacted with;
the random number module is also configured to generate at least the second random factor;
the processing module is also configured to call the symmetry algorithm module to decrypt the first cipher-text information with the private key of the subscriber identification card and obtain the first random factor, to call the public key computation algorithm stored by the secure storage module and the public key algorithm module to generate the public key of the module to be interacted with, to call the second random factor generated by the random number module, and to call the symmetry algorithm module to encrypt the second random factor with the public key of the module to be interacted with and obtain the second cipher-text information.
5. The subscriber identification card according to any one of claims 2 to 4, characterized in that:
the process information comprises: encrypted information obtained by the symmetry algorithm module encrypting signature information with the arranging key, wherein the signature information is obtained by the public key algorithm module performing signature calculation on the pending information with the private key of the subscriber identification card; or
the process information comprises: check information obtained by the symmetry algorithm module performing a check calculation on signature information with the arranging key, together with the signature information, wherein the signature information is obtained by the public key algorithm module performing signature calculation on the pending information with the private key of the subscriber identification card; or
the process information comprises: encrypted information obtained by the symmetry algorithm module encrypting signature information with the arranging key, and check information obtained by performing a check calculation on the signature information, wherein the signature information is obtained by the public key algorithm module performing signature calculation on the pending information with the private key of the subscriber identification card; or
the process information comprises: encrypted information obtained by the symmetry algorithm module encrypting signature information with the arranging key, and check information obtained by performing a check calculation on the encrypted information, wherein the signature information is obtained by the public key algorithm module performing signature calculation on the pending information with the private key of the subscriber identification card.
6. The subscriber identification card according to any one of claims 2 to 5, characterized in that:
the processing module is also configured, when the public key algorithm module performs signature calculation on the pending information with the private key of the subscriber identification card, to call the hash calculation of the hash module to obtain the signature information.
7. The subscriber identification card according to any one of claims 2 to 6, characterized in that:
the symmetry algorithm module is also configured to perform decryption calculation and/or check calculation on the pending information.
8. The subscriber identification card according to any one of claims 1 to 7, characterized in that the communication module comprises: a serial port, a USB interface, an NFC interface, a Bluetooth interface, an infrared interface, a button or an audio interface.
9. The subscriber identification card according to any one of claims 1 to 8, characterized in that the fence operation comprises: frequency scrambling, power-consumption scrambling, calculation scrambling or balanced calculation.
10. The subscriber identification card according to any one of claims 1 to 9, characterized in that the control of authority module is also configured to control the execution of code and/or application programs.
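The check-information variant in claim 3 can be followed end to end in a short Python sketch, added here as an illustration and not taken from the patent. HMAC-SHA256 as the check calculation, sending each random factor next to its check information, the 16-byte factor size and the arranging-key derivation are all assumptions; the class and function names are hypothetical.

```python
"""Constructed illustration of a check-information key negotiation (claim 3 style)."""
import hashlib
import hmac
import secrets

FACTOR_LEN = 16  # assumed size of a random factor, in bytes
TAG_LEN = 32     # HMAC-SHA256 output size, in bytes


class VerificationError(Exception):
    """Raised when received check information does not verify."""


def check_info(key, factor):
    """Check calculation over a random factor (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, factor, hashlib.sha256).digest()


def verify_message(key, message):
    """Return the random factor if its check information verifies under key."""
    if len(message) != FACTOR_LEN + TAG_LEN:
        raise VerificationError("unexpected message length")
    factor, tag = message[:FACTOR_LEN], message[FACTOR_LEN:]
    # Constant-time comparison, so the check leaks no timing information.
    if not hmac.compare_digest(tag, check_info(key, factor)):
        raise VerificationError("check information mismatch")
    return factor


def derive_arranging_key(first_key, second_key, r1, r2):
    """Assumed derivation. The factors travel in the clear in this sketch, so the
    derivation is keyed with the stored keys rather than hashing r1 and r2 alone."""
    return hmac.new(first_key + second_key, b"arranging-key" + r1 + r2,
                    hashlib.sha256).digest()


class PhoneSecurityModule:
    """Initiator: sends the first random factor with the first check information."""

    def __init__(self, first_key, second_key):
        self.first_key, self.second_key = first_key, second_key
        self.r1 = None

    def start(self):
        self.r1 = secrets.token_bytes(FACTOR_LEN)
        return self.r1 + check_info(self.first_key, self.r1)

    def finish(self, message2):
        r2 = verify_message(self.second_key, message2)
        return derive_arranging_key(self.first_key, self.second_key, self.r1, r2)


class IdentificationCard:
    """Responder: checks message 1, then answers with the second random factor."""

    def __init__(self, first_key, second_key):
        self.first_key, self.second_key = first_key, second_key

    def respond(self, message1):
        r1 = verify_message(self.first_key, message1)  # reject before any output
        r2 = secrets.token_bytes(FACTOR_LEN)            # fresh for every run
        message2 = r2 + check_info(self.second_key, r2)
        key = derive_arranging_key(self.first_key, self.second_key, r1, r2)
        return message2, key


def run_exchange():
    """Run one exchange with constructed keys; return both sides' arranging keys."""
    first_key, second_key = secrets.token_bytes(32), secrets.token_bytes(32)
    phone = PhoneSecurityModule(first_key, second_key)
    card = IdentificationCard(first_key, second_key)
    message2, card_key = card.respond(phone.start())
    return phone.finish(message2), card_key


if __name__ == "__main__":
    phone_key, card_key = run_exchange()
    print("keys match:", hmac.compare_digest(phone_key, card_key))
```

Replaying a captured first message still passes the card's check in this sketch, but each run yields a different arranging key because the card draws a fresh second random factor.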
CN201410156521.6A 2014-04-18 2014-04-18 A kind of subscriber identification card Active CN103944724B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201410156521.6A CN103944724B (en) 2014-04-18 2014-04-18 A kind of subscriber identification card
HK15100231.2A HK1199984A1 (en) 2014-04-18 2015-01-09 User identification card
PCT/CN2015/070906 WO2015158172A1 (en) 2014-04-18 2015-01-16 User identity identification card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410156521.6A CN103944724B (en) 2014-04-18 2014-04-18 A kind of subscriber identification card

Publications (2)

Publication Number Publication Date
CN103944724A true CN103944724A (en) 2014-07-23
CN103944724B CN103944724B (en) 2017-10-03

Family

ID=51192224

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410156521.6A Active CN103944724B (en) 2014-04-18 2014-04-18 A kind of subscriber identification card

Country Status (3)

Country Link
CN (1) CN103944724B (en)
HK (1) HK1199984A1 (en)
WO (1) WO2015158172A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107451647B (en) * 2016-06-01 2023-08-29 北京军地联合网络技术中心 Built-in safety mechanism's special SIM card of barracks
CN106652665A (en) * 2016-12-09 2017-05-10 西安电子科技大学 Experimental device of computer composition principle
CN112885434B (en) * 2021-03-23 2022-04-15 中国人民解放军联勤保障部队第九六〇医院 System and method for integrating portable information acquisition and psychological test in network-free environment
CN114615046A (en) * 2022-03-07 2022-06-10 中国大唐集团科学技术研究总院有限公司 Administrator double-factor authentication method based on national secret certificate

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7076062B1 (en) * 2000-09-14 2006-07-11 Microsoft Corporation Methods and arrangements for using a signature generating device for encryption-based authentication
CN1832403A (en) * 2006-04-24 2006-09-13 北京易恒信认证科技有限公司 CPK credibility authorization system
CN101009556A (en) * 2007-01-08 2007-08-01 中国信息安全产品测评认证中心 Intelligent card and U disk compound device and its access security improvement method based on bidirectional authentication mechanism
CN101106455A (en) * 2007-08-20 2008-01-16 北京飞天诚信科技有限公司 Identity authentication method and intelligent secret key device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938520B (en) * 2010-09-07 2015-01-28 中兴通讯股份有限公司 Mobile terminal signature-based remote payment system and method
CN102802036B (en) * 2012-07-26 2015-04-29 深圳创维-Rgb电子有限公司 System and method for identifying digital television
CN103164738B (en) * 2013-02-06 2015-09-30 厦门盛华电子科技有限公司 A kind of cellphone subscriber's identification card based on the certification of mobile payment multi-channel digital
CN103944724B (en) * 2014-04-18 2017-10-03 天地融科技股份有限公司 A kind of subscriber identification card

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
宣蕾等: "基于CPK认证技术的智能卡设计", 《2009年中国高校通信类院系学术研讨会论文集》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015158172A1 (en) * 2014-04-18 2015-10-22 天地融科技股份有限公司 User identity identification card
CN104158567A (en) * 2014-07-25 2014-11-19 天地融科技股份有限公司 Pairing method and system and data interaction method and system for Bluetooth equipment
CN104158567B (en) * 2014-07-25 2016-05-18 天地融科技股份有限公司 Matching method between bluetooth equipment and system, data interactive method and system
CN105812334A (en) * 2014-12-31 2016-07-27 北京华虹集成电路设计有限责任公司 Network authentication method
CN105812334B (en) * 2014-12-31 2019-02-05 北京华虹集成电路设计有限责任公司 A kind of method for network authorization
CN106982214A (en) * 2017-03-31 2017-07-25 山东超越数控电子有限公司 A kind of cloud desktop security of use NFC technique logs in ID card and cloud desktop security login method
CN108985046A (en) * 2018-06-07 2018-12-11 国民技术股份有限公司 A kind of safety stop control method, system and computer readable storage medium
CN110728347A (en) * 2019-09-16 2020-01-24 中云信安(深圳)科技有限公司 Solid electronic card and method for updating card surface display information of solid electronic card
CN115022093A (en) * 2022-08-05 2022-09-06 确信信息股份有限公司 Trusted CPU key calculation method and system based on multi-stage key

Also Published As

Publication number Publication date
CN103944724B (en) 2017-10-03
HK1199984A1 (en) 2015-07-24
WO2015158172A1 (en) 2015-10-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1199984

Country of ref document: HK

GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1199984

Country of ref document: HK